CVE-2022-21191

global-modules-path Command Injection vulnerability

Description

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

JavaScript

Publish Date

January 13, 2023

Modified Date

April 4, 2025

Score Vector

Affected Versions